Malware

macOS targeted by new advanced toolkit

Three malicious samples collectively known as JokerSpy have been identified as parts of a novel, elaborate toolkit aimed at compromising macOS devices, reports The Hacker News. Two of the samples are generic payloads targeting macOS, Windows, and Linux systems: the first, named "shared.dat", checks the targeted operating system before retrieving further instructions, while the more potent "sh.py" can gather system metadata, enumerate and delete files, execute commands and files, and exfiltrate encoded data, according to a Bitdefender report. Meanwhile, the "xcc" FAT binary targets only devices running macOS Monterey and newer versions and mainly examines permissions prior to leveraging a possible spyware component. "This leads us to believe that these files are part of a more complex attack and that several files are missing from the system we investigated," said researchers, who remained uncertain regarding the identity of the attackers behind the operation, as well as their means of initial access.
